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THAT WHICH IS CLAIMED: 

A method of controlling updates of a 
programmable ntemory of a device, the method comprising: 

obtaining \ an update image corresponding to the 
update of the programmable memory; 

obtaining & certificate associated with the update 
image, the certificate having update application rules 
in at least one (extension of the certificate ; 

extracting the update application rules from the 
at least one extension of the obtained certificate; and 
selectively \updating the programmable memory based 
on the update imabe and the update application rules 
extracted from th<4 obtained certificate. 



2. A method! according to Claim 1, wherein the 
update application Irules comprise at least one of rules 
information associated with a manufacturer of the 
device, rules information associated with a brand of 
the device, rules information associated with a 
software version of Ithe device, rules information 
associated with a license authorization of the device 
or rules associated with the individual device. 

3. A method adcording to Claim 1, wherein the 
update application ruu.es comprise rules defining 
devices for which application of the update image is 
authorized. 



4. A method according to Claim 3, wherein the 
rules defining devices 1 comprise rules specifying at 
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least one of author 
au t ho r i z e d f i r inwa r e 
manufacturers and 
device . 



ized device serial numbers, 
versions, authorized device 
authorized users associated with a 



5. A method According to Claim 1, wherein the 
update application rules comprise rules defining how 
data from the updatq image is utilized to update the 
programmable memory . 



ac 



ru 



6 . A method 
upda t e app 1 i c a t i on 
installation inf ormajt 
and wherein the step 
memory comprises upqL 
utilizing the insta 
the update image . 



cording to Claim 1, wherein the 
les comprise rules which identify 
ion provided with the update image 
of updating the programmable 
ating the programmable memory 
lation information provided with 



7 . A method according to Claim 6 , wherein the 
installation information comprises an install program 

of updating the programmable 
memory utilizing th4 installation information comprises 
executing the install program to write the update data 

memory . 



to the programmable 

8 . A method 
comprising verifying 
image . 



Recording to Claim 1, further 
the authenticity of the update 



9 . A method 
step of verifying t 



according to Claim 8, wherein the 
le authenticity of the update 
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comprises the step of /evaluating the certificate 
associated with the update image to determine if a 
valid digital signature is provided with the image. 
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10. A method according to Claim 8, wherein the 
step of verifying tpe authenticity of the update image 

of determining if a valid digital 
signature is provided with the image by decrypting the 
digital signature provided with the image using a 
shared secret . 



according to Claim 9, wherein the 
the certificate comprises the steps 



11. A method 
step of evaluating. 

Of. 

decrypting a digital signature of the certificate 
utilizing a public key of a certificate authority 
accessible to the update program; and 



comparing t 
precomputed value 
is a valid digit 



a decrypted digital signature with a 

to determine if the digital signature 
1 signature associated with the 



certificate authority 



12 . A 
public key is s 



method 



tbred 



according to Claim 11, wherein the 
in a non-updateable memory. 



13. A methfod according to Claim 11, further 
comprising the steps of : 

providing the public key of the certificate 
authority in a previous version of data to be stored in 
the programmable memory; and 
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wherein the steip of decrypting a digital signature 
of the certificate utilizing a public key further 
comprises the step cpf obtaining the public key from the 
programmable memory 



14 



A method 



according to Claim 8, wherein the 



update image includes a plurality of certificates in a 
hierarchy of certificates and wherein the step of 
verifying the authenticity of the update comprises the 
step of evaluating certificates of the plurality of 
certificates in the update image to determine if a 
valid digital signature is provided with the 



certificates of the 



update image 



utilizing a public 
certificate in the 
comparing the 



15. A method according to Claim 14, wherein the 
step of evaluating each of the digital certificates 
comprises the steps? of: 

decrypting a digital signature of a certificate 
key associated with a next -higher 
hierarchy; 

decrypted digital signature with a 
precomputed value t[o determine if the digital signature 
is a valid digital signature associated with the 
certificate; 

obtaining a public key associated with another of 
the digital certificates; 

repeating thei steps of decrypting and comparing 
utilizing the obtained public key associated with 
another of the digital certificates; and 

wherein the step of obtaining a public key is 
repeated until a public key associated with a digital 
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certificate of a tru 
obtained, and compar 
authority public key 



update image include; 
hierarchy of certifn 



ted certificate authority is 
Lng the of the trusted certificate 
with a predetermined value. 



16. A method according to Claim 1, wherein the 



s a plurality of certificates in a 
cates and wherein the extracting 



the update application rules comprises the step of 
extracting update application rules from each of the 
certificates in the hierarchy of certificates having 
update application r|les provided in an extension of 
the certification . 

17. A method adcording to Claim 16, wherein the 
programmable memory is updated with the update image 
only if all of the upjdate application rules indicate 

is applicable to the device. 



that the update image 



18 . A method ac 
programmable memory i 
any of the update appl 



(fording to Claim 16, wherein the 
updated with the update image if 
ication rules indicate that the 



update image is applicable to the device 



19. A method ac 
programmable memory is 
any of the update appl 
update image is appli 



cprding to Claim 1, wherein the 
updated with the update image if 
ication rules indicate that the 
cjable to the device . 



20. A method acc 
programmable memory is 



ording to Claim 1, wherein the 
updated with the update image 
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only if all of the update application rules indicate 



that the update image :L 



21. A system for 
programmable memory of 



s applicable to the device. 



controlling updates of a 
a device, comprising: 
means for obtaining an update image corresponding 
to the update of the programmable memory; 

g a certificate associated with 
the update image, the certificate having update 
application rules in at least one extension of the 
certificate ; 

means for extracting the update application rules 
from the at least one extension of the obtained 
certificate; and 

means for selectivjely updating the programmable 
memory based on the update image and the update 
application rules extrajcted from the obtained 
certificate . 



22 . A system acc 
update application rul 
information associated 
device, rules informat 
the device, rules i 
software version of the 
associated with a licen 
or rules associated wi 



es 



ion 



nformat 



23 . A system ac 
update application rule 



qrding to Claim 21, wherein the 
comprise at least one of rules 
with a manufacturer of the 

associated with a brand of 
ion associated with a 
device, rules information 
se authorization of the device 
tlh the individual device . 



cc rding 



to Claim 21, wherein the 
s comprise rules defining 
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devices for which application of the update image is 
authorized. 



24. A system a/ccording to Claim 23, wherein the 
rules defining deviqes comprise rules specifying at 
least one of authori.zed device serial numbers, 
authorized firmware versions, authorized device 
manufacturers and authorized users associated with a 
device . 

25. A system According to Claim 21, wherein the 
update application rules comprise rules defining how 
data from the update image is utilized to update the 
programmable memory . 



26 . A system 
update application 



according to Claim 21, wherein the 
rules comprise rules which identify 
installation information provided with the update image 
and wherein the means for updating the programmable 
memory comprises means for updating the programmable 
memory utilizing the installation information provided 
with the update image . 
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A system 



and wherein means 
utilizing the inst 
for executing the 



according to Claim 26, wherein the 



installation information comprises an install program 



data to the programmable memory 



[for updating the programmable memory 
allation information comprises means 
install program to write the update 



RSW9-2 00 0-008 7-US1 



-55- 




28 



A system according to Claim 21, further 



comprising means for ver 
update image . 



ifying the authenticity of the 



29. A system acco 
means for verifying the 
comprises means for eva 



J 



ding to Claim 28, wherein the 
authenticity of the update 
:.uating the certificate 



associated with the update image to determine if a 



valid digital signature 



30 



means for verifying the 



is provided with the image. 



A system according to Claim 28, wherein the 



authenticity of the update 



image comprises means for determining if a valid 
digital signature is provided with the image by 
decrypting the digital / signature provided with the 
image using a shared secret . 



31. A system according to Claim 29, wherein the 
means for evaluating the certificate comprises: 

means for decrypting a digital signature of the 
certificate utilizing a public key of a certificate 
authority accessible to the update program; and 

means for comparing the decrypted digital 
signature with a precomputed value to determine if the 
digital signature is a valid digital signature 
associated with the certificate authority. 

32. A system according to Claim 31, wherein the 
public key is stored in a non-updateable memory. 
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be stored in the 
wherein the 
signature of the 



f 

33- A system according to Claim 31, further 
comprising : 

means for providing the public key of the 
certificate authority in a previous version of data to 

programmable memory; and 
means for decrypting a digital 
certificate utilizing a public key 
further comprised means for obtaining the public key 
from the programmable memory. 



34. A syst 
update image inc 
hierarchy of cer 
verifying the 
means for evaluajt 
certificates in 
valid digital si 
certificates of 



sm according to Claim 28, wherein the 
Ludes a plurality of certificates in a 
tificates and wherein the means for 
authenticity of the update comprises 

ing certificates of the plurality of 
the update image to determine if a 
ignature is provided with evaluated 
the update image . 



35. A system according to Claim 34, wherein the 
means for evaluating each of the digital certificates 
comprises : 

means for decrypting a digital signature of a 
certificate utilizing a public key associated with a 
next -higher certificate in the hierarchy ; 

means for comparing the decrypted digital 

signature with a jprecomputed value to determine if the 

j 

digital signature is a valid digital signature 
associated with the certificate; 

! 

means for obtaining a public key associated with 
another of the digital certificates; 
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means for repeatedly obtaining a public key, 
decrypting a digitaCL signature and comparing the 
decrypted digital signature with a precomputed value 
until a public key associated with a digital 
certificate of a trusted certificate authority is 
obtained; and 

means for comparing the public key of the digital 
certificate of the trusted certificate authority with a 
predetermined valufe . 



extension of the cert 



37. A systerr 



36. A system 
update image inclulde 
hierarchy of certi 
extracting the updat 
for extracting upd,at 
the certificates i|n 
having update appl 



according to Claim 21 , wherein the 
s a plurality of certificates in a 
f icates and wherein the means for 

e application rules comprises means 
e application rules from each of. 
the hierarchy of certificates 
ication rules provided in an 
if ication. 



according to Claim 36, wherein the 
programmable memory is updated with the update image 
only if all of the; update application rules indicate 
that the update inage is applicable to the device. 

38. A system according to Claim 36, wherein the 
programmable memory is updated with the update image if 
any of the update application rules indicate that the 
update image is applicable to the device. 

39. A system according to Claim 21, wherein the 
programmable memory is updated with the update image if 
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any of the update application rules indicate that the 



update image is appl 



Lcable to the device 



40. A system according to Claim 21, wherein the 
programmable memory/ is updated with the update image 



only if all of the 



update application rules indicate 



that the update image is applicable to the device. 

41. A computer program product for controlling 
updates of a programmable memory of a device, 
comprising : 

a computer readable media having computer readable 
ed therein, the computer readable 
program code comprising: 

computer readable program code which obtains an 
update image corresponding to the update of the 
programmable memory ; 

computer readable program code which obtains a 
ted with the update image, the 
update application rules in at least 



certificate associa 
certificate having 



one extension of the certificate; 



computer reada 
upda t e app 1 i c a t i on 



ble program code which extracts the 
rules from the at least one 
extension of the obtained certificate; and 

computer readable program code which selectively 
updates the programmable memory based on the update 
image and the update application rules extracted from 
the obtained certificate. 

42. A computer program product according to Claim 
41, wherein the update application rules comprise at 
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least one of rules information associated with a 
manufacturer of the device, rules information 
associated with a brapd of the device, rules 
information associated with a software version of the 
device, rules information associated with a license 
authorization of the/ device or rules associated with 



the individual devic 



e . 



43 . A computer 



program product according to Claim 



41, wherein the update application rules comprise rules 



defining devices for 
image is authorized. 



which application of the update 



44 . A computer program product according to Claim 
43, wherein the rules; defining devices comprise rules 
specifying at least one of authorized device serial 
numbers, authorized firmware versions, authorized 
device manufacturers and authorized users associated 
with a device. 



45. A computer 
41, wherein the upda 
defining how data fr 
update the programmabl 



46. A computer 
41, wherein the updat 
which identify insta 
the update image and 
program code which 



program product according to Claim 
te application rules comprise rules 
om the update image is utilized to 
e memory . 



program product according to Claim 
e application rules comprise rules 
llation information provided with 
wherein the computer readable 
Updates the programmable memory 
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comprises computer readable program code which updates 
the programmable memory utilizing the installation 
information provided with the update image. 

47. A compi.ter program product according to Claim 
46, wherein the installation information comprises an 
install program cind wherein the computer readable 
program code which updates the programmable memory 
utilizing the installation information comprises 

program code which executes the 
install program tio write the update data to the 
programmable memory . 



48 . A compujt 
41, further compr 
which verifies th 



er program product according to Claim 
ising computer readable program code 
authenticity of the update image . 



49. A computer program product according to Claim 
48, wherein the computer readable program code which 
verifies the authenticity of the update comprises 
computer readable program code which evaluates the 
certificate associated with the update image to 
determine if a val^d digital signature is provided with 
the image . 
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A computer program product according to Claim 



48, wherein the computer readable program code which 
verifies the authenticity of the update image comprises 
computer readable program code which determines if a 
valid digital signature is provided with the image by 
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decrypting the digital signature provided with the 
image using a shared secret . 



51. A computer program product according to Claim 
49, wherein the computer readable program code which 
evaluates the certificate comprises: 

computer readable program code which decrypts a 
digital signature of the certificate utilizing a public 
key of a certificate authority accessible to the update 
program; and 

computer readable program code which compares the 
decrypted digital signature with a precomputed value to 
determine if the c.igital signature is a valid digital 
signature associated with the certificate authority. 



52 . A computt 
51, wherein the publ 
updateable memory 



er program product according to Claim 
ic key is stored in a non- 



53 . A computer program product according to Claim 
51, further comprising: 

computer readable program code which provides the 
public key of the certificate authority in a previous 
version of data t<D be stored in the programmable 
memory; and 

wherein the bomputer readable program code which 
decrypts a digitajl signature of the certificate 



utilizing a publi^ 
readable program 
the programmable 



c key further comprises computer 
code which obtains the public key from 
memory . 
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A compuLer program product according to Claim 



48, wherein the update image includes a plurality of 
certificates in a hierarchy of certificates and wherein 
the computer readable program code which verifies the 
authenticity of/ the update comprises computer readable 
program code which evaluates certificates of the 
plurality of certificates in the update image to 
determine if a valid digital signature is provided with 
the evaluated Certificates of the update image. 



10 



15 



20 



evaluates each 
computer 



55. A computer program product according to Claim 
54 , wherein the computer readable program code which 

of the digital certificates comprises: 
readable program code which decrypts a 
digital signature of a certificate utilizing a public 
key associated) with a next -higher certificate in the 
hierarchy; 

computer (readable program code which compares the 
decrypted digital signature with a precomputed value to 
determine if the digital signature is a valid digital 
signature asscpciated with the certificate; 



computer 
public key as 
certificates ; 

computer 
obtains a publ 
compares the 
precomputed a 



readable program code which obtains a 
sociated with another of the digital 



digital certificate of a trusted certificate authority 



is obtained; 



readable program code which repeatedly 
ic key, decrypts a digital signature and 
decrypted digital signature with a 
alue until a public key associated with a 



and 



\ 



RSW9-2 000-0087-US1 



■63- 



computer readafyl 
public key of the d 
certificate author i 



e program code which compares the 
^.gital certificate of the trusted 
y with a predetermined value . 



56. A computer program product according to Claim 
41 , wherein the update image includes a plurality of 
certificates in a hierarchy of certificates and wherein 
the computer readable program code which extracts the 
update application rules comprises computer readable 
program code which extracts update application rules 



from each of the ce 



certificates having update application rules provided 



in an extension of 



rtif icates in the hierarchy of 



the certification . 



57. A computer program product according to Claim 
56, wherein the programmable memory is updated with the 

if all of the update application 
rules indicate th£t the update image is applicable to 
the device. 

58. A compu|ter program product according to Claim 
56, wherein the programmable memory is updated with the 
update image if aiy of the update application rules 
indicate that the update image is applicable to the 
device . 



59. A compiiter program product according to Claim 
41, wherein the programmable memory is updated with the 
update image if kny of the update application rules 
indicate that ths update image is applicable to the 
device . 
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60 . A 
41, wherein the 
update image 
rules indicate t 
the device. 



compit 



only 



er program product according to Claim 
programmable memory is updated with the 

if all of the update application 
lat the update image is applicable to 



61. A certificate for use in updating a 
programmable memory, the certificate comprising: 
a digital signature; and 

at least one! extension having rules to control 
installation of an update image. 



62 . A certi 
the certificate i 
certificate authority 



icate according to Claim 61, wherein 
signed with a private key of a 



63 . A certif 
the certificate is 
plurality of certi 

64 . A certif 
the certificate is 
higher authority a 
certificate in the 



icate according to Claim 61, wherein 

a certificate in a hierarchy of a 
f icates . 

icate according to Claim 63, wherein 
signed with a private key of a next- 

Associated with a next-higher 
hierarch of certificates. 



65 



the rules comprise 



A certificate according to Claim 61, wherein 



associated with a nanuf acturer of the device, rules 



information associ 
rules information 
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associated with a software version of 
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the device, rules information associated with a license 
authorization of \ the device or rules associated with 
the individual device . 

66. A certificate according to Claim 61, wherein 
the rules comprise rules defining devices for which 
application of the update image is authorized. 
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67. A certificate according to Claim 66, wherein 
the rules defining pevices comprise rules specifying at 
least one of authorized device serial numbers, 

versions, authorized device 
thorized users associated with a 



authorized firmware 
manufacturers and au 
device . 



68 



A mot hod a 



rules comprise rules 
image is utilized to 



69 



A method o 



cording to Claim 61, wherein the 
defining how data from the update 
update the programmable memory. 



providing a plurality of devices 
having differing functionality, the method comprising: 

providing a plurality of generic processing 
devices having hardware suitable to perform at least a 
portion of the differing functionality of the plurality 
of devices, wherein the generic processing devices also 
have a programmable memory; 

the plurality of generic 
)dates to the programmable memory 
so as to define the functionality of the generic 
processing devices sd as to provide the plurality of 
devices having differing functionality, wherein the 



distributing to 
processing devices u] 
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updates have at least one associated certificate, the 
certificate having update application rules in at least 
one extension of the certificate; and 

selectively updating the programmable memories of 
the generic processing devices based on the distributed 
updates and the rules specified in the at least one 
extension of the certificate. 



70 . A method 
step of distributing 
processing devices 
updates of the 



71 . A method 
plurality of generi 
automobiles and whe^e 
memory to control 



Recording to Claim 69, wherein the 

to the plurality of generic 
Comprises the step of transmitting 
e memory over the Internet . 



programmable 



Recording to Claim 70, wherein the 
processing devices comprise 
in the updates of the programmable 
ions provided for the automobiles . 



opt 



72. A method bf providing a plurality having 
differing functionality, the method comprising: 

distributing through a non- secure distribution 
channel a plurality of devices; and 

controlling the functionality of individual ones 

i 



of the plurality o 
individual ones of 



devices by a secure update of the 
the plurality of devices, wherein 
the update is controlled by a trusted update authority 
within the distribution channel. 



73 . A method 
secure update com^ri 
over the Internet 



according to Claim 72, wherein the 
ises transmitting update information 
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74 . A method 
plurality of proce 
and wherein the se 
programmable memory 
options provided wd 



according to Claim 72, wherein the 
ing devices comprise automobiles 
updates comprise updates of a 
of the automobiles to control 
th the automobiles. 



ss 



cure 
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